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x No. I Basis of the report 



1 . With regard to the language, this report is based on: 

□ 

the international application in the language in which it was filed. 

O a translation of the international application into , which is Hie language of a translation furnished for the 

purposes of: 

□ international search (under Rules 12.3 and 23.1(b)) 
□ 

publication of the international application (under Rule 12 4(a)) 
international preliminary examination (under Rules 55.2(a) and/or 55.3(a)) 

2. With regard to the elements of the international application, this report is based on (replacement sheets which have been furnished 
to the receiving Office in response to an invitation under Article 14 are referred to in this report as "originally filed" and are not 
annexed to this report): 

[X] the international application as originally filed/furnished 
[Xl the description: 

pages as originally filed/furnished 

* NONE received by this Authority on 

_ received by this Authority on 




as originally filed/furnished 

as amended (together with any statement) under Article 19 

received by this Authority on 

received by this Authority on 



originally filed/furnished 
received by this Authority on_ 
received by this Authority on _ 



□ a sequence listing and/or any related table(s) - see Supplemental Box Relating to Sequence Listing. 
3 . Q The amendments have resulted in the cancellation of 
□ 

the description, pages ___ . 

I I the claims, Nos._ 



□ 

the drawings, sheets/figs 

□ the sequence listing (specify): 

LZ1 any table(s) related to the sequence listing (specify): . 



O This report has been established as if (some of) the amendments annexed to this report and listed below had not been made, 
since they have been considered to go beyond the disclosure as filed, as indicated in the Supplemental Box (Rule 70.2(c)). ' 



the description, pages _ 

I I the claims, Nos 

□ 



□ 

the sequence listing (specify): . 

any table(s) related to the sequence listing (sped) 



If item 4 applies, some . ir all of those sheets may be marked "superseded. " 
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Box No. V Reasoned statement under Article 35(2) with regard to novelty, inventive step or industrial 
applicability; citations and explanations supporting such statement 



1. Statement 

Novelty (N) 



_YES 
_NO 



Inventive Step (IS) 
Industrial Applicability (IA) 



Claims NONE 



_YES 
_NO 



_YES 
_NO 
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In case the space in any of the preceding boxes is not sufficient. 

Continuation of: 



V. 2. Citations and Explanations: 

Claims 1-45 lack inventive step under PCT article 33(3) as being obvious over Drews (U.S. Patent No 6 477 645) in view of 
Bari et al. (U.S. Pub. No. 2002/0023059). 

Drews discloses referring to FIG. 1, a block diagram of one embodiment of system 1 00 for providing authority and integrity 
checks in a system lacking a public key is shown. System 100 includes remote platform 105, user platform 1 10, including 
transformation value generator 1 1 5, comparison system 120, and display system 122. Remote platform 105 is coupled to 
user platform 1 10 by communication channel 125. User 1 30 is capable of receiving input, such as credential transformation 
value 135, information transformation value 140, or credential subset transformation value 145, from authorizing entity 150 
for input into comparison system 120 of user platform 1 1 0. Remote platform 1 05 is capable of receiving information 1 55 and 
credential 160, which includes credential subset 165 from authorizing entity 150. 

Remote platform 105 is capable, in one embodiment, of staging and transmitting information 155 and credential 160 to user 
platform 1 1 0. Remote platform 105 is not limited to any particular type of device and can be a computer, such as a personal 
computer, a server or a mainframe, or a communication device, Such as a cell phone, or a television or radio transmitter or 
transceiver. Those skilled in the art will recognize that any device capable of transmitting information to user platform 110 
can function as remote platform 105. 

The present invention ensures the authority and integrity of information received at user platform 1 1 0, so it is not limited in 
the type of information transmitted from remote platform 105 to user platform 110. In one embodiment of the invention 
information 1 55 is a boot image, but those skilled in the art will recognize that the present invention is equally applicable to 
the transmission of information such as application software or data 

Credential 160, in one embodiment, contains authority information, such as a digital signature or digital signature in 
combination with other information, such as a digital certificate that normally accompanies 

transmitte d information. The authority information, without a public key that designates the authorized source of the 
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credential's digital signature installed on user platform 1 10, is insufficient to check the authority of the credential. However, a 
credential which includes a digital signature that covers the rest of the credential can be used to check the integrity of the 
credential. 

User platform 110 is provided for the purpose of receiving transmitted information such as information 155, credential 160, 
or information 155 and credential 160 from remote platform 105. User platform 110 is the target device for software, 
commands, or data staged on remote platform 1 05, and can be a computer, such as a personal computer, a server or a 
mainframe, or a communication device, such as a pager, a cell phone, or a television or radio receiver or transceiver. Like 
remote platform 105, user platform 110 is not limited to any particular type of device, and those skilled in the art will 
recognize that any device capable of receiving information from remote platform 1 05 can be used in the present invention, 
(see column 2, lines 9-65 of Drews). 

Transformation value generator 115 is provided to convert a variable length amount of digital data into a more concise form. 
In one embodiment of the invention, generator 115 is a hash function. A hash function accepts any length input and 
generates a fixed length output. Hash functions are known in the art and those skilled in the art will recognize that a hash 
function suitable for use in embodiments of the present invention is one that is relatively easy to compute, one-way, and 
collision-free, (see column 3, lines 15-23 of Drews). 

In one embodiment, authorizing entity 150 supplies information transformation value 140, computed from information 155, to 
user 1 30. The transformation value is computed such that all parts of the information contribute to the transformation value 
in a way that is one-way and collision-free. In one embodiment, user platform 110 receives information transformation value 
140 from user 1 30. Comparison system 120 compares the received information transformation value 140 with the output of 
transformation value generator 115, which generates a transformation value of information 155 supplied by remote platform 
105. A match authenticates information 155 by ensuring the integrity and the authority of information 155. (see column 4, 
lines 24-37 of Drews). 

Drews discloses the claimed subject matter. However, Drews does not specifically mention using the master credential in 
generating the application credential. On the other hand, Bari et al. disclose a system for registering, storing and managing 
personal data for use over a network, wherein the master credential is utilized (see paragraph [0046], lines 1 0-1 9 of Bari et 
al.). It would have been obvious to a person of ordinary skill in the art at the time the invention to utilize the master 
credential in generating the application credential. The ordinary skilled person would have been motivated to have applied 
the teaching of Bari et al. into method of Drew to utilize the master credential, because once a user is registered, the 
inventive system recognizes and authenticates the Master Authentication Credential, which then unlocks the personalized 
vault containing Authentication Master Credential for third party Web Sites and the User Profile (see paragraph [0036], lines 
19-23 of Bari et al.). 

Claims 1-45 meet the criteria set out in PCT Article 33(4), and thus have industrial applicability because the subject matter claimed can 
be made or used in industry. 
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